Get Instant Loan up to ₹10 Lakh!
After two years of deliberations, in December 2021, the joint parliamentary committee (JPC) on personal data protection (PDP) bill, 2019, recommended restricting the scope of the law to only ‘digital privacy’, while expanding its remit to include non-personal data (NPD). Hence, it is pertinent to examine how such a ‘data protection’ framework would support the avowed objective of protecting individual’s ‘right to privacy’, a fundamental right, which was upheld by the Supreme Court in 2017.
Traditionally, the concept of privacy was confined within the realm of home, family and private property. In 1890, the Harvard Law Review article ‘The Right to Privacy’, co-authored by Samuel Warren and Louis Brandeis, raised privacy concerns due to undesired disclosure of something truthful yet embarrassing, and advocated for the right to be left alone from the prying eyes even in the public space, for example, by way of gossip in media and pictures taken surreptitiously.
Portable cameras were a novelty then, but billions of people carry smartphones with built-in high-resolution digital camera. Use of CCTV for criminal deterrence and investigation is often countered with apprehension of mass surveillance by the state. Likewise, concerns around surveillance capitalism are triggered by intensive and extensive data practices of Big Tech.
Need for a comprehensive law: Admittedly, several Indian laws include privacy protection, but only under a specific context. The need for an exclusive and comprehensive law for protection of privacy has been raised over several decades, often triggered by certain events or even government action.
The role of the judiciary, in general, and that of the Supreme Court of India, in particular, has been crucial in such developments. For example, its 1996 guidelines on telephone tapping led to Indian Telegraph Rules 419A under the Indian Telegraph Act, 1885 – a law older than the Harvard article cited above. The media is barred from disclosing identities of victims of sexual offences and juveniles in conflict with law.
To be sure, the government of India had initiated consultations on a legislative framework for privacy in 2010 even before Aadhaar enrolment had begun. This was followed by the erstwhile Planning Commission convening a group of experts chaired by Justice A.P. Shah which had recommended a set of nine principles in 2012. Through the long arc of evolution since 2010, legislative focus has undergone a subtle yet substantive shift from ‘privacy protection’ to ‘data protection’, leading to a widely held yet faulty perception equating the two even as the Supreme Court has acknowledged that ‘information privacy is one facet of data protection’.
What’s in? What’s out? In 2019, the government had constituted another committee on a data governance framework chaired by Kris Gopalakrishnan. In December 2020, it recommended setting up an NPD authority, as a statutory regulator, distinct from a PDP authority, proposed under PDPB, 2019. However, the JPC made two significant recommendations in the PDB 2021.
On one hand, it includes NPD, arguing that the lines between PD and NPD are blurring. On the other hand, it excludes non-digital data from the purview of the law. Incidentally, non-digital data and digital data have always been fungible. Isn’t it odd that there will be protection from harms arising out of data stored in a hard disk, but not if it were printed or written on a register?
Way forward: The record of various ministries, departments, agencies, and regulators is rather uneven and inconsistent, even ad hoc and discretionary in implementing the Pre-legislative Consultation Policy of 2014. Certain agencies are relatively more open and willing to undertake public consultations while some regulators do so due to statutory provisions. Incidentally, even the Constitution had incorporated the comments in response to a draft published in 1948. Admittedly, the government had sought comments via public consultation on the draft Personal Data Protection Bill, 2018, proposed by the committee of experts chaired by Justice Srikrishna. However, JPC recommendations have changed the very nature of the bill.
Hence, a fresh round of public consultation must be undertaken in view of the fundamental shifts recommended by the JPC. That would ensure that the law provides comprehensive privacy protection rather than remaining just a chimera.
Deepak Maheshwari is senior fellow at ‘Centre For The Digital Future’ (CDF).
Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.